Open noorul opened 3 weeks ago
```
usr/local/bin/consul-template (gobinary)

Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 1)

┌───────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬──────────────────────────────────────────────────────────────┐
│ Library                               │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version   │ Title                                                        │
├───────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/hashicorp/go-retryablehttp │ CVE-2024-6104  │ MEDIUM   │ fixed  │ v0.7.2            │ 0.7.7           │ go-retryablehttp: url might write sensitive information to   │
│                                       │                │          │        │                   │                 │ log file                                                     │
│                                       │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-6104                    │
├───────────────────────────────────────┼────────────────┼──────────┤        ├───────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib                                │ CVE-2024-24790 │ CRITICAL │        │ 1.22.3            │ 1.21.11, 1.22.4 │ golang: net/netip: Unexpected behavior from Is methods for   │
│                                       │                │          │        │                   │                 │ IPv4-mapped IPv6 addresses                                   │
│                                       │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24790                   │
│                                       ├────────────────┼──────────┤        │                   │                 ├──────────────────────────────────────────────────────────────┤
│                                       │ CVE-2024-24789 │ MEDIUM   │        │                   │                 │ golang: archive/zip: Incorrect handling of certain ZIP files │
│                                       │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24789                   │
└───────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴──────────────────────────────────────────────────────────────┘
```
Looks like the Go version needs to be bumped.
Hello, any update on upgrading these packages to the fixed version? We are having an issue with go-retryablehttp@v0.7.2.